Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization

TL;DR

This paper introduces a new control flow randomization technique to defend against branch-shadowing attacks on Intel SGX, providing quantifiable security improvements over previous methods like Zigzagger.

Contribution

It proposes a novel control flow randomization scheme that offers measurable security guarantees and effectively mitigates branch-shadowing attacks in SGX environments.

Findings

The approach eliminates conditional branches in enclave code.

It effectively hides branch targets through compile-time and runtime randomization.

Performance overhead was measured on SGX-Nbench benchmarks.

Abstract

Intel Software Guard Extensions (SGX) is a promising hardware-based technology for protecting sensitive computations from potentially compromised system software. However, recent research has shown that SGX is vulnerable to branch-shadowing -- a side channel attack that leaks the fine-grained (branch granularity) control flow of an enclave (SGX protected code), potentially revealing sensitive data to the attacker. The previously-proposed defense mechanism, called Zigzagger, attempted to hide the control flow, but has been shown to be ineffective if the attacker can single-step through the enclave using the recent SGX-Step framework. Taking into account these stronger attacker capabilities, we propose a new defense against branch-shadowing, based on control flow randomization. Our scheme is inspired by Zigzagger, but provides quantifiable security guarantees with respect to a tunable security parameter. Specifically, we eliminate conditional branches and hide the targets of unconditional branches using a combination of compile-time modifications and run-time code randomization. We evaluated the performance of our approach by measuring the run-time overhead of ten benchmark programs of SGX-Nbench in SGX environment.